FTC Approves Settlement Over Leaky Surveillance Cam

The US Federal Trade Commission (FTC) announced on Friday that it has approved a settlement with TRENDnet, Inc. over lax security features in its line of SecurView cameras.

The FTC approved a final settlement with TRENDnet, a California company that makes the SecurView cameras, which were found to expose customers to remote snooping.

The FTC said on Friday that it has approved a final order settling charges against the company, whose cameras were found to be poorly secured against external attackers, who could access them and use them to spy on the homes and private lives of hundreds of consumers.

The FTC complaint stems from a February, 2012 case in which independent security analysts with the web site Console Cowboys published details on how a firmware flaw allowed authentication for Internet-connected SecurView cameras to be bypassed, giving any Internet user (with the know-how) the ability to view the surveillance camera’s live feed.

Under the terms of its settlement with the Commission, TRENDnet agreed to stop misrepresenting the “security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit,” as well as “the extent to which a consumer can control the security of information the cameras or other devices store, capture, access, or transmit.”

The company must also establish a comprehensive information security program to address security risks in its products, which the FTC defined as anything that “could result in unauthorized access to or use of the company’s devices, and to protect the security, confidentiality, and integrity of information that is stored, captured, accessed, or transmitted by its devices.”

The FTC has taken the lead among government agencies in warning of the privacy and security risks inherent in many so-called “smart” devices. At a Commission-sponsored forum in November, Commissioner Maureen Ohlhausen said that The Internet of Things has “the potential to transform many fields, including home automation, medicine, and transportation.” However, “the ability to collect large amounts of information and, in some cases, to act on that information also raises important consumer privacy and data security issues.”

The FTC, she said, should use its traditional role as a consumer advocate to investigate IoT technology and provide consumers with a reliable source of information on the dangers that the technology poses. It should also use its enforcement powers to identify and punish “bad actors” that might damage the overall reputation of the IoT.